search

nodeSolidServer / node-solid-server

Solid server on top of the file-system in NodeJS
https://solidproject.org/for-developers/pod-server
Other
1.78k stars 298 forks source link

ES256 is not a supported algorithm when logging with Inrupt.com (Pod Spaces) account #1602

Open acailly opened 3 years ago

acailly commented 3 years ago

Hi,

When logging with an Inrupt.com account (a.k.a Pod Spaces, https://signup.pod.inrupt.com/) on several apps, I find the following error in the console: normalizedAlgorithm.importKey is not a function after trying to access other users data which are hosted in a NSS instance

After setting up a local Node Solid Server instance and reproducing the bug, I found the problem occurs here: https://github.com/solid/jose/blob/main/src/jose/JWA.js#L90

I logged around this line to get more info:

Expand to see logs ```javascript normalizedAlgorithm: { "message": "ES256 is not a supported algorithm" } supportedAlgorithms: { "sign": { "HS256": { "params": { "name": "HMAC", "hash": { "name": "SHA-256" } } }, "HS384": { "params": { "name": "HMAC", "hash": { "name": "SHA-384" } } }, "HS512": { "params": { "name": "HMAC", "hash": { "name": "SHA-512" } } }, "RS256": { "params": { "name": "RSASSA-PKCS1-v1_5", "hash": { "name": "SHA-256" } } }, "RS384": { "params": { "name": "RSASSA-PKCS1-v1_5", "hash": { "name": "SHA-384" } } }, "RS512": { "params": { "name": "RSASSA-PKCS1-v1_5", "hash": { "name": "SHA-512" } } }, "none": {} }, "verify": { "HS256": { "params": { "name": "HMAC", "hash": { "name": "SHA-256" } } }, "HS384": { "params": { "name": "HMAC", "hash": { "name": "SHA-384" } } }, "HS512": { "params": { "name": "HMAC", "hash": { "name": "SHA-512" } } }, "RS256": { "params": { "name": "RSASSA-PKCS1-v1_5", "hash": { "name": "SHA-256" } } }, "RS384": { "params": { "name": "RSASSA-PKCS1-v1_5", "hash": { "name": "SHA-384" } } }, "RS512": { "params": { "name": "RSASSA-PKCS1-v1_5", "hash": { "name": "SHA-512" } } }, "none": {} }, "encrypt": {}, "decrypt": {}, "importKey": { "RS256": { "params": { "name": "RSASSA-PKCS1-v1_5", "hash": { "name": "SHA-256" } } }, "RS384": { "params": { "name": "RSASSA-PKCS1-v1_5", "hash": { "name": "SHA-384" } } }, "RS512": { "params": { "name": "RSASSA-PKCS1-v1_5", "hash": { "name": "SHA-512" } } } } } key.alg: "ES256" ```

And this file seems to confirm the absence of E256: https://github.com/solid/jose/blob/main/src/algorithms/index.js#L58

Does it mean that inrupt.com (and I guess other ESS based accounts) are currently not compatible with node-solid-server?

mrkvon commented 2 years ago

Hey, i tested this locally after doing npm update. You could double check, but it seems to be resolved by https://github.com/nodeSolidServer/jose/pull/19 as well. May take some time before showing up in production servers though...

@bourgeoa @acailly